sync up SECURITY.md with wildfly/SECURITY.md #654

Merged
merged 1 commit into from
Aug 22, 2023
25 changes: 19 additions & 6 deletions SECURITY.md
@@ -1,10 +1,23 @@
# Security Policy
# Reporting of CVEs and Security Issues

## Security Contacts and Procedures
## The WildFly community and our sponsor, Red Hat, take security bugs very seriously

This community takes security very seriously, and we aim to take immediate action to address serious security-related problems that involve our products or services.
We aim to take immediate action to address serious security-related problems that involve our projects.

Please report any suspected security vulnerability in this project to Red Hat Product Security at [email protected]. You can use our GPG key to communicate with us securely.
Note that we will only fix such issues in the most recent minor release of WildFly.

To report an issue in any Red Hat branded website or online service, please contact Red Hat Information Security at [email protected].
https://access.redhat.com/security/team/contact
## Reporting of Security Issues

When reporting a security vulnerability it is important to not accidentally broadcast to the world that the issue exists, as this makes it easier for people to exploit it. The software industry uses the term <a href="https://www.redhat.com/en/blog/security-embargoes-red-hat">embargo</a> to describe the time a security issue is known internally until it is public knowledge.

Our preferred way of reporting security issues in WildFly and its related projects is listed below.

### Email the mailing list

The list at <a href="mailto:[email protected]">[email protected]</a> is the preferred mechanism for outside users to report security issues. A member of the WildFly team will open the required issues.

### Other considerations

If you would like to work with us on a fix for the security vulnerability, please include your GitHub username in the above email, and we will provide you access to a temporary private fork where we can collaborate on a fix without it being disclosed publicly, **including in your own publicly visible git repository**.

Do not open a public issue, send a pull request, or disclose any information about the suspected vulnerability publicly, **including in your own publicly visible git repository**. If you discover any publicly disclosed security vulnerabilities, please notify us immediately through <a href="mailto:[email protected]">[email protected]</a>
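
Review bot: Under "### Other considerations", the bold clause "**including in your own publicly visible git repository**" ends both paragraphs, and in the first one (the offer of a temporary private fork) it does not attach to anything in the sentence; it reads like a leftover from the "Do not open a public issue" paragraph. I would end the first paragraph at "without it being disclosed publicly." and keep the bold clause only in the second paragraph, where it qualifies what must not be disclosed. Two smaller points in the same area: the final sentence stops at the mailto link with no closing period, and "Our preferred way of reporting security issues ... is listed below" is followed by a single "### Email the mailing list" subsection, so the text could name the mailing list directly instead of introducing a list of one. The removed text also said "You can use our GPG key to communicate with us securely", and nothing in the new text says whether reports to the list can be encrypted; if that option still exists it is worth a sentence, since the section asks reporters not to broadcast the issue.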